SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Wednesday Mar 12th: Microsoft Patch Tuesday; Apple Patch; Espressif ESP32 Statement
7 snips
Mar 12, 2025 Microsoft just patched six exploited vulnerabilities, including a critical fix for its DNS server. Apple responded with an update for WebKit vulnerabilities affecting iOS and macOS. The podcast also discusses Espressif’s reassurance about their ESP32 chipsets, clarifying that recent claims of 'backdoors' are related to debug commands and not Bluetooth access. Tune in for insights on these essential security updates!
AI Snips
Chapters
Transcript
Episode notes
Patch Tuesday Advice
- Microsoft's March 2025 Patch Tuesday addressed over 50 vulnerabilities.
- Six of these vulnerabilities were already being exploited.
Exploited Vulnerabilities
- Exploited vulnerabilities focused on file system issues (NTFS and FAT).
- Exploiting these requires mounting a corrupt file system, like a VHD file.
DNS Vulnerability
- A critical vulnerability exists in Microsoft's DNS service, exploitable via dynamic DNS update records.
- This vulnerability is a timing issue, requiring the attack at the right moment.